48a6e2a4aa52f03c1299479ffa0bc5504eb9dcc38612426f679549fab2135a5c

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
23/09/2023, 23:03

Target

48a6e2a4aa52f03c1299479ffa0bc5504eb9dcc38612426f679549fab2135a5c.dll
Size

2.1MB
MD5

2f1a9663c2ed8e87c2b49f5b125c4f68
SHA1

7c97938c3a995c14d519b39d48b6fd225dd189e4
SHA256

48a6e2a4aa52f03c1299479ffa0bc5504eb9dcc38612426f679549fab2135a5c
SHA512

5c46c661b4dc4f576a7d6342007fd291f6c836c9df95403d1eb8d53049f4d0e5d289d4d808365ee59f9fa01bcbf0eb54be5e6fc3f002828d0b111e93a6413472
SSDEEP

49152:vcz84B8m/mJzQAXJmemEfZOkNPSTqctjRTDpJMMS:k7qm/TMcoPSTqsL5S

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2760	1968	rundll32.exe	1
PID 1968 wrote to memory of 2760	1968	rundll32.exe	1
PID 1968 wrote to memory of 2760	1968	rundll32.exe	1
PID 1968 wrote to memory of 2760	1968	rundll32.exe	1
PID 1968 wrote to memory of 2760	1968	rundll32.exe	1
PID 1968 wrote to memory of 2760	1968	rundll32.exe	1
PID 1968 wrote to memory of 2760	1968	rundll32.exe	1

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48a6e2a4aa52f03c1299479ffa0bc5504eb9dcc38612426f679549fab2135a5c.dll,#1
1⤵
PID:2760

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48a6e2a4aa52f03c1299479ffa0bc5504eb9dcc38612426f679549fab2135a5c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968